nanog mailing list archives
Re: Attn MCI/UUNet - Massive abuse from your network
From: "Jeff Shultz" <jeffshultz () wvi com>
Date: Fri, 25 Jun 2004 09:47:07 -0700
** Reply to message from Brad Knowles <brad.knowles () skynet be> on Fri, 25 Jun 2004 18:14:43 +0200
At 8:44 AM -0700 2004-06-25, Jeff Shultz wrote:At least if someone in this "clearing house" sells it to the terrorists, they will have had to work for it a bit, instead of having us hand it to them on a silver platter, as the FCC seems to want.Not true. If the information is forced to be completely in the open, then everyone knows it's not insecure and no one depends on the fact that it was supposed to be kept secret. This is a case where you are more secure the more open the information is -- indeed, as we are in most cases, which is why we have the age-old security mantra of "security through obscurity is not secure".
Do you realize that the basic element of security, the password, is based on the entire premise you just dismissed? And yet we still use them - and depend on the fact that they are supposed to be kept secret. The problem with being totally open about infrastructure is that there are some vulnerabilities that simply cannot or will not be fixed - wires sometimes have to run across bridges, redundant pumping stations are too expensive... in these cases is it not better to hide where these vulnerabilities are? The problem with your point is that even if the information is forced to be completely in the open, that is no guarantee that it will be fixed, and people _do_ depend on this stuff, regardless of its reliability or security. Do you really think that if we publish all the insecurities of the Internet infrastructure that anyone is gonna stop using it, or business, government, and private citizens are going to quit depending on it? Security through obscurity is not secure - but sometimes it's all you have. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Current thread:
- Re: Attn MCI/UUNet - Massive abuse from your network, (continued)
- Re: Attn MCI/UUNet - Massive abuse from your network Ben Browning (Jun 29)
- Re: Attn MCI/UUNet - Massive abuse from your network Steve Linford (Jun 29)
- RE: Attn MCI/UUNet - Massive abuse from your network Smith, Donald (Jun 24)
- RE: Attn MCI/UUNet - Massive abuse from your network Dr. Jeffrey Race (Jun 24)
- RE: Attn MCI/UUNet - Massive abuse from your network Smith, Donald (Jun 24)
- RE: Attn MCI/UUNet - Massive abuse from your network Dr. Jeffrey Race (Jun 24)
- Re: Attn MCI/UUNet - Massive abuse from your network Michael Painter (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Michael . Dillon (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Scott McGrath (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Jeff Shultz (Jun 25)
- Message not available
- Re: Attn MCI/UUNet - Massive abuse from your network Jeff Shultz (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Crist Clark (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Jerry Eyers (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Valdis . Kletnieks (Jun 25)
- RE: Attn MCI/UUNet - Massive abuse from your network Dr. Jeffrey Race (Jun 24)
- Re: Attn MCI/UUNet - Massive abuse from your network Michael . Dillon (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Jeff Shultz (Jun 25)
- Re: Attn MCI/UUNet - Massive abuse from your network Eric Brunner-Williams (Jun 25)